HP Security Research Blog
The HP Security Research blog provides a platform for security experts from across HP to discuss innovative research, industry observations, and updates on the threat landscape to help organizations proactively identify and manage risk.

Displaying articles for: May 2014

HP Security Briefing, episode 13 – The art and near-science of threat modeling

In this month’s briefing, we give an overview of the threat-modeling landscape – what it affects, how it got this way, what the current notable conditions are, and how to introduce the pertinent concepts to your organization.

HP Security Research OSINT (OpenSource Intelligence) articles of interest--May 30, 2014

It's time for the May 30th list of HP Security Research OSINT articles of interest! This is a list of publicly available articles that we find relevant in today's security news.

Labels: HP| security

HP Security Research OSINT (OpenSource Intelligence) articles of interest--May 23, 2014

It's the May 23rd edition of the HP Security Research OSINT News Feed—a list of publicly available articles that we find relevant in today’s security news.

Labels: HP| security

Technical Analysis of CVE-2014-0515 Adobe Flash Player Exploit

At the end of April, Kaspersky reported an ITW exploit that was abusing an Adobe Flash Player zero-day vulnerability at the time (CVE-2014-0515). The vulnerability was known to be inside the Pixel Bender parser in Adobe Flash Player. I had time to look deeper into how the vulnerability works and how control of the code is acquired using this vulnerability.

The mechanism behind Internet Explorer CVE-2014-1776 exploits

Recently Microsoft patched an Internet Explorer use-after-free bug (CVE-2014-1776) that was being exploited in the wild. Since then I’ve seen several reports of new variants based on the original exploit appearing ITW. Let’s look deep inside the exploitation mechanism to see how it works to make a use-after-free execute shellcode.

What should be the optimal crypto-strength for CryptoLocker?

It is easy to say that the perpetrators of malware, such as CryptoLocker, are bad people. However, one could also say that the same perpetrators have a pretty good grasp of how to deploy industrial-strength cryptography. But is everything optimal? Could there be such a thing as cryptography that is too strong? Could there be some valid reason to intentionally use weaker encryption?

HP Security Research OSINT (OpenSource Intelligence) articles of interest--May 9, 2014

Welcome to the May 9th edition of the HP Security Research OSINT News Feed--a list of publicly available articles that we find relevant in today's security news!

Labels: HP| security

Double-Dip: Using the latest IE 0-day to get RCE and an ASLR Bypass

Could the latest 0-day used in the wild be stealthier?

The attack discovered last week used two vulnerabilities, but it could have been stealthier. A bug in Flash was exploited to bypass ASLR and another in IE to gain RCE. ZDI's research proved that the IE bug can be exploited to bypass ASLR+DEP without using a Flash bug.

Labels: 0day| ASLR| DEP| exploit| IE| IE0day| ZDI

HP Security Research OSINT (OpenSource Intelligence) articles of interest--May 05, 2014

Welcome to the May 5th edition of the HP Security Research OSINT News Feed—a list of publicly available articles that we find interesting in today’s security news.

Labels: HP| security

.NET malware: De-obfuscation, decryption and debugging - tips and tricks.

.NET technology is becoming increasingly prevalent and more widely accepted. It can be found powering not just large back-end infrastructures but also a broad class of mobile and embedded devices. However, for all its multi-platform advantages, the .NET framework is also becoming more and more lucrative for malware writers. To deal with the "apparent" openness of .NET binaries, various technologies have emerged, and keep evolving, to obfuscate and complicate analysis of malware samples.

Protect your Struts1 applications

Since the last post on how to mitigate the Struts 2 zero-day in the wild, we have received many queries from customers wondering if their legacy Struts 1 applications were also vulnerable to this same attack. Keep reading ...

Labels: 0day| Struts1
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.